4 matches found
CVE-2021-21683
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller or Job/Workspace permission Windows agents to obtain the...
Jenkins Enterprise and Operations Center < 2.249.33.0.1 / 2.277.42.0.1 / 2.303.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2021-10-06)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.33.0.1, 2.277.x prior to 2.277.42.0.1, or 2.x prior to 2.303.2.5. It is, therefore, affected by multiple vulnerabilities, including the following: -...
Jenkins < 2.303.2, < 2.315 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-21683
CVE-2021-21683 is a path traversal flaw in Jenkins’ file browser present in Jenkins 2.314 and earlier, and LTS 2.303.1 and earlier. On Windows, some file paths could be treated as absolute, enabling attackers with Overall/Read (Windows controller) or Job/Workspace (Windows agents) permissions to ...